System for preventing software piracy employing multi-encrypted keys and single decryption circuit modules

ABSTRACT

A system which enables a protected program to run on only a selected plurality of computers includes a respective unique key Ki for each computer of the plurality, the key being triple encrypted in the form E_(FK) [E_(Ki) [E_(FK) [Ki]]]. A respective module is coupled to each computer of the plurality. A checker program in each computer responds to a request to use the protected program by performing a single decryption procedure E_(FK) ⁻¹ on the triple encrypted key and sends the result to the module as a message. The module performs a single decryption procedure E_(Ki) ⁻¹ on the message and sends that result back to the computer. The checker program receives the module's result and performs another single decryption procedure E_(FK) ⁻¹ on it to obtain key Ki. Then the checker program uses key Ki to decrypt an identifier, and proceeds with the execution of the protected program only if it is identified by the decrypted identifier.

BACKGROUND OF THE INVENTION

This invention relates to data processing systems; and in particular it relates to data processing systems which include some means for preventing the piracy of software programs.

Basically, every data processing system includes a digital computer which performs various tasks in response to a sequence of instructions called a program or software. Many different programs can be written for the same computer; and in each program, the sequence of instructions is differently arranged in accordance with the particular task that the computer is to perform. For example, one program can direct the computer to perform inventory operations, another program can direct the computer to perform payroll operations, etc.

Often, the programs which are written for a computer are very complex, comprise thousands of instructions, and represent a considerable investment in time and money. Therefore, efforts have been made in the prior art to prevent software from being stolen by software pirates. However, software is very easy to copy since it usually is stored on a magnetic tape or magnetic disk which is readily duplicated. Consequently, protecting software from piracy is difficult to achieve.

This problem of protecting software is most difficult for corporations which produce and license software programs, as a product, to many different customers. Each time a program is distributed under a license to a different customer, that customer becomes a potential software pirate. For example, the potential exists for a customer to copy the licensed software, terminate his license, and thereafter run the software copy. Also, the potential exists for the customer to copy the software and distribute it to third parties.

One of the prior art means which has been devised to prevent software piracy is described in U.S. Pat. Nos. 4,168,396 and 4,278,837 to Best. In these patents, each instruction of the program is encrypted and sent to the customer in the encrypted form. Then, when the program is to be run, it is read into the computer in encrypted form, decrypted inside of the computer, and executed.

In the Best system, the decrypted program is not available for copying since the program on the storage media is always encrypted. However, since each instruction must be decrypted prior to being executed, execution of the program is very slow. Further, the program only runs on specially constructed computers which do the decryption. These computers are only supplied by the software vendor; so the Best system does not even work in the typical case where the software customer wants to run a licensed program on a computer which he already owns.

Another prior art software protection system is described in U.S. Pat. 4,471,163 by Donald et al. In that system, the customer of a licensed program is supplied a program lock unit which performs a predetermined calculation on a number; and the program itself is modified to also perform the same calculation on the same number. Then the program compares the result of its calculations to the result obtained from the lock unit and the program stops if the two results are not equal.

A problem, however, with the Donald et al system is that the result of the calculation which the lock unit performs is passed to the computer over a conductor on which it could be read by a line analyzer. After being read, that same result could be generated by any memory circuit, such as a programmed read only memory. Thus a copy of the protected program could be made to run by simply replacing the lock unit with the read only memory.

Also in the Donald et al system, no further checks are made after the two results have been compared and the program has started to run. Therefore, one copy of the program can be started on a system to which the lock unit is attached, and thereafter the lock unit can be removed and transferred to another system whereupon another copy of the program can be started. Thus the protection system is not suitable for programs of a type which operate for long time periods, such as graphics programs which operate all day in an interactive fashion with an operator.

Another problem with the Donald et al system is that the customer of a licensed program must be given a copy of a key that contains several parameters which the customer then enters via a keyboard into the lock unit. Those parameters are operated on by the lock unit to produce the result which the licensed program compares. However, having this key enables a customer of one program (program A) to copy his key and his program, and then give those copies to a customer of another program (program B). In return, the customer of program B can copy his program and his key, and give them to the customer of program A.

In view, therefore, of all of these prior art problems with protecting software, it is a primary object of the invention to provide an improved system for preventing software piracy in which these and other prior art deficiencies are overcome.

BRIEF SUMMARY OF THE INVENTION

In accordance with the present invention, the above object, and others, are achieved by a system which enables a protected program to run on only a selected plurality of computers, and which comprises:

a respective unique key for each computer of the plurality; the key being triple encrypted in the form E_(FK) [E_(Ki) [E_(FK) [Ki]]] where Ki is the unencrypted key, E_(Ki) is an encryption procedure E which uses key Ki, and E_(FK) is the same encryption procedure E using a single fixed key FK for all of the computers;

a respective module coupled to each computer of the plurality;

a checker program in each computer which responds to a request to use the protected program by performing a single decryption procedure E_(FK) ⁻¹ on the triple encrypted key and sends the result to the module as a message M;

a means in the module which performs a single decryption procedure E_(Ki) ⁻¹ on message M and sends E_(Ki) ⁻¹ [M] back to the computer;

a means in the checker program for receiving E_(Ki) ⁻¹ [M] from the module and for performing another single decryption procedure E_(FK) ⁻¹ on it to obtain key Ki;

an identifier for the protected program that is encrypted with key Ki; and

a means in the checker program for using key Ki to decrypt the identifier, and for proceeding with the execution of the protected program only if it is identified by the decrypted identifier.

BRIEF DESCRIPTION OF THE DRAWINGS

Various features and advantages of the invention are described in detail in the following Detailed Description in conjunction with the accompanying drawings wherein:

FIG. 1 illustrates a system for preventing software piracy in accordance with the invention; and

FIG. 2 illustrates additional details of a decryptor-checker program in the FIG. 1 system.

FIG. 2A is an extension of FIG. 2 and illustrates further details of the decryptor-checker program in the FIG. 1 system.

DETAILED DESCRIPTION OF THE INVENTION

Referring now to FIG. 1, a preferred embodiment of a system which prevents software piracy in accordance with the invention will be described in detail. This system includes a digital computer 10, a plurality of work stations 11, and an input/output bus 12 which couples the work stations 11 to computer 10. Computer 10 may be any type of general purpose digital computer, such as a GRAFTEK Comet. Similarly, each work station 11 may be any type of terminal which has a keyboard that enables an operator to request computer 10 to execute various programs, such as a GRAFTEK Meteor.

Also included in the FIG. 1 system is a disk 13 which stores protected software programs that run on computer 10. These programs are indicated as PROG A, PROG B, and PROG C. Each program may direct computer 10 to perform any type of desired functions, and its exact makeup is unimportant. For example, the programs could interact with an operator at the workstation to rotate a graphics image on a CRT screen in the workstation, display two graphics images in a split screen fashion on the CRT screen, or zoom in on a particular feature of the image that is being displayed.

Disk 13 also stores an encrypted list 14. Entry 14a of this list is a triple encrypted key of the form E_(FK) [E_(Ki) [E_(FK) [Ki]]]. In this expression, Ki is an unencrypted key that is unique to computer 10. That is, each time the FIG. 1 system is duplicated for a different customer, key Ki is changed.

Term E_(Ki) in the above expression represents an encryption procedure E which uses key Ki. Thus, when the FIG. 1 system is duplicated for different customers, the encryption procedure E in each system is the same, but the key Ki in each system is different.

Similarly, term E_(FK) in the above expression represents the encryption procedure E as recited above but which is performed with a single fixed key FK. Thus, when the FIG. 1 system is duplicated for different customers, the encryption procedure E and its key FK are the same in each system.

All of the protected programs on the FIG. 1 system also have a corresponding encrypted identifier in list 14. Entry 14b is the encrypted identifier for PROG A; entry 14c is the encrypted identifier for PROG B; and entry 14d is the encrypted identifier for PROG C. Each of these identifiers is encrypted first with procedure E_(FK) and thereafter with procedure E_(Ki).

Disk 13 also stores a decryptor-checker program 15. All of the details of this program will be described shortly in conjunction with FIG. 2. In general, however, program 15 operates in response to a request from an operator at work station 11 for computer 10 to run a particular program. During its operation, program 15 checks whether the requested program is included in the encrypted list 14. If the requested program is in list 14, then execution of that program is permitted to occur; otherwise, it is not.

A software protection module (SPM) 16 which operates in conjunction with program 15 is also included in the FIG. 1 system. Module 16 is coupled to computer 10 via a serial I/O bus 17. In operation, module 16 receives a message via bus 17 from computer 10, performs a decryption function E_(Ki) ⁻¹ on that message, and sends the results back via bus 17 to computer 10.

If the FIG. 1 system is duplicated for different customers, the decryption steps E⁻¹ which module 16 performs are the same in each system. However, the key Ki which module 16 uses in those steps is different in each system.

Preferably, module 16 is packaged such that it is very difficult, if not impossible, to open the package without destroying the key Ki. This may be achieved by integrating the key inside of a microprocessor chip which is programmed to perform the E_(Ki) ⁻¹ function, and by putting the microprocessor chip in a very hard and chemically resistant substance, such as a polyimide, Teflon, or ladder-organosiloxane polymers.

Referring next to FIG. 2, the decryptor-checker program 15 will be described in detail. This program is entered at a point 20 in response to a request from an operator at work station 11 for computer 10 to run PROG A, PROG B, or PROG C. Program 15 begins by reading the triple encrypted key 14a from list 14. Then it performs the single decryption function E_(FK) ⁻¹ on entry 14a and sends the result to module 16 as a message M. This is indicated by reference numerals 21, 22, and 23.

Module 16 responds by receiving the message M which computer 10 sent and performing a single decryption function E_(Ki) ⁻¹ on that information. Then module 16 sends the result back to computer 10 as E_(Ki) ⁻¹ [M]. This is indicated in FIG. 2 by reference numerals 24, 25, and 26.

Program 15 receives the information which module 16 sent and performs the single decryption function E_(FK) ⁻¹ on it to obtain the unencrypted key Ki. This is indicated by reference numerals 27 and 28.

Thereafter, program 15 reads the remaining entries in list 14 and performs the decryption functions E_(Ki) ⁻¹ and E_(FK) ⁻¹ on them. If the result of those decryption operations yields the name of the program which was requested by work station 11, then execution of that program continues. Otherwise, execution of the requested program is bypassed. This is indicated by reference numerals 29 thru 33.

One important feature of the above described system is that the list 14 and module 16 are matched such that they only work together as a pair. Thus a potential software pirate cannot make and sell copies of the protected programs because each program will only run on a system which has a particular module 16.

Another important feature of the above described system is that none of the messages on bus 17 between computer 10 and module 16 contain key Ki in its unencrypted form. Therefore, a potential software pirate cannot detect the key Ki by placing a line analyzer on bus 17 to read the messages on the bus.

Yet another feature of the above system is that none of the messages that are transmitted on bus 17 correspond to any entry in the encrypted list 14. Therefore, a potential software pirate cannot even determine what parts of list 14 are being transmitted on bus 17 by placing a line analyzer on bus 17 to record the messages and by later comparing those messages to the data which is stored on the disk.

Still another feature of the above described system is that key Ki permanently exists in its unencrypted form only in module 16. But module 16 is tamperproof in the sense that key Ki is destroyed if the module is opened. Therefore, there is no permanent copy of key Ki for a potential software pirate to obtain.

Another feature of the above system is that it provides a very practical means for a software vendor to protect his programs. This is because most computers have a serial I/O bus, and so the software vendor doesn't need to design a module with a new bus interface for each customer. Instead, for each customer, only list 14 needs to be encrypted differently and a different key Ki needs to be potted in module 16.

Program 15 also has a second entry point as indicated by reference numeral 40. This point of the program is entered at randomly selected time instants while any of the authorized programs are running.

Upon entering point 40, program 15 generates a random number and sends it to module 16. In response, module 16 receives the random number, performs the decryption function E_(Ki) ⁻¹ on the random number, and sends the result back to computer 10. This is indicated by reference numerals 41 thru 45.

After receiving the decrypted random number, program 15 acquires key Ki and performs the encryption function E_(Ki) on the decrypted random number. This result is then compared to the originally generated random number of step 41. If the numbers are equal, the running of the requested program is continued. Otherwise, the running of the requested program is terminated. This is indicated by reference numerals 46-49.

One feature of this portion of program 15 is that it prevents a thief from removing module 16 after a protected program has started running. Therefore, a thief cannot start the protected programs on the FIG. 1 system, move module 16 to another system which has a copy of the protected programs, and start the copied programs running without having the FIG. 1 system stop.

Yet another feature of the above portion of program 15 is that it prevents a thief from duplicating module 16 by placing a line analyzer on bus 17, monitoring and storing all of the responses which module 16 makes, and building a circuit which duplicates those responses. Such an attempt will not work since the numbers sent via step 42 and the response received via step 46 will always be changing with time.
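The two exchanges with module 16 described above (key recovery from entry point 20 and the random-number check from entry point 40), as an added Python sketch that is not part of the patent. The 4-round Feistel cipher standing in for procedure E, the 16-byte block size, the sample keys, and the names `provision`, `recover_key`, `authorized`, `still_attached`, `Module` and `ReplayRom` are assumptions made for the illustration.

```python
import hashlib, hmac, os

BLOCK = 16  # bytes; keys and identifiers are one block each in this sketch

def _f(key, rnd, half):
    # Round function of the toy cipher (assumption, not the patent's E)
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def E(key, block):
    """Stand-in encryption procedure E: 4-round Feistel permutation."""
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def E_inv(key, block):
    """Decryption procedure E^-1, so that E_inv(k, E(k, x)) == x."""
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def pad(name):
    return name.encode().ljust(BLOCK, b"\0")

def provision(fk, ki, names):
    """Vendor side: entry 14a plus the double encrypted identifiers of list 14."""
    return E(fk, E(ki, E(fk, ki))), [E(ki, E(fk, pad(n))) for n in names]

class Module:
    """Module 16: holds Ki and applies only E_Ki^-1 to what arrives on bus 17."""
    def __init__(self, ki):
        self._ki = ki
    def respond(self, msg):
        return E_inv(self._ki, msg)

class ReplayRom:
    """Memory circuit that replays responses recorded from bus 17."""
    def __init__(self, pairs):
        self._table = dict(pairs)
    def respond(self, msg):
        return self._table.get(msg, bytes(BLOCK))

def recover_key(fk, entry_14a, module, bus):
    m = E_inv(fk, entry_14a)        # step 22: M = E_Ki[E_FK[Ki]]
    reply = module.respond(m)       # steps 23-26: E_Ki^-1[M] = E_FK[Ki]
    bus.extend([m, reply])          # what a line analyzer on bus 17 records
    return E_inv(fk, reply)         # step 28: Ki

def authorized(fk, ki, ids, requested):
    # Steps 29-33: decrypt each identifier and look for the requested name
    return any(E_inv(fk, E_inv(ki, e)) == pad(requested) for e in ids)

def still_attached(ki, module, bus):
    rn = os.urandom(BLOCK)          # step 41: fresh random number
    resp = module.respond(rn)       # steps 42-45
    bus.extend([rn, resp])
    return hmac.compare_digest(E(ki, resp), rn)   # steps 46-49

FK = bytes(range(BLOCK))                              # constructed fixed key
KI = hashlib.sha256(b"customer-1").digest()[:BLOCK]   # constructed unique key
```

Because M and the reply in `recover_key` are identical on every run, a `ReplayRom` loaded with that one recorded pair still yields Ki; it is the fresh number in `still_attached` that makes recorded responses useless.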

A preferred embodiment of the invention has now been described in detail. In addition, however, many changes and modifications can be made to these details without departing from the nature and spirit of the invention.

For example, the details of the encryption steps E and decryption steps E⁻¹ as well as their specific implementation are unimportant. Any encryption-decryption algorithm will work so long as it meets the constraint E_(Ki) ⁻¹ [E_(Ki) [Ki]]=Ki. Many suitable algorithms and implementations are described, for example, in the text Cryptography: A New Dimension in Computer Data Security by Meyer et al, published by John Wiley & Sons.

As another modification, entry 14a in list 14 may be replaced with a double encrypted key of the form E_(Ki) [E_(FK) [Ki]]. This would eliminate the need for step 22 in program 15, which would make the program run faster. However, the price for this increase in speed will be a decreased degree of security.

As still another modification, checker program 15 can be partitioned into many parts which are scrambled throughout the protected programs (e.g., program A, program B, and program C). Usually the protected programs are much larger than the checker program, so locating the checker program after such scrambling is essentially impossible. Thus, this gives an added degree of security since it prevents a potential software pirate from locating the checker program and bypassing it.

Accordingly, since many such modifications are possible, it is to be understood that the invention is not limited to the above details but is defined by the appended claims.

What is claimed is:
 1. A system for enabling a protected program to run on only a selected plurality of computers, comprising: a respective triple encrypted key for each of said computers of the form E_(FK) [E_(Ki) [E_(FK) [Ki]]] where Ki is an unencrypted key that is unique to each of said computers, E_(Ki) is an encryption procedure E which uses key Ki, and E_(FK) is the same encryption procedure E using a single fixed key FK for all of said computers; a respective unique module coupled to each computer of said plurality for performing a decryption procedure E_(Ki) ⁻¹ where Ki is unique to each module; a checker program in each computer which responds to requests to use said protected program by performing a single decryption procedure E_(FK) ⁻¹ on said triple encrypted key and sends the result to said module as a message M; said module being adapted to perform said single decryption procedure E_(Ki) ⁻¹ on said message M and send E_(Ki) ⁻¹ [M] back to said computer; a means in said checker program for receiving E_(FK) ⁻¹ [M] from said module and for performing another single decryption procedure E_(FK) ⁻¹ on it to obtain key Ki; an identifier that is encrypted with said key Ki; and a means in said checker program for using key Ki to decrypt said identifier, and for proceeding with the execution of said protected program only if it is identified by the decrypted identifier.
 2. A system according to claim 1 wherein said checker program further includes a means for intermittently stopping the protected program's execution to send a random number to said module, to receive a response from said module, and to continue with the execution of said protected program only if the encryption E_(Ki) of said response matches said random number.
 3. A system according to claim 2 wherein said identifier is double encrypted via procedures E_(FK) and E_(Ki).
 4. A system according to claim 3 wherein said module is coupled to its computer via a bit serial bus.
 5. A data processing system comprised of: a computer having a key Ki that is unique to said computer and is at least double encrypted in the form E_(Ki) [E_(FK) [Ki]] where E_(Ki) is an encryption procedure E which uses key Ki, and E_(FK) is the same encryption procedure E using another key FK; a module coupled to said computer for receiving said key in said double encrypted form in response to a request for said computer to run a protected program and for partially decrypting said double encrypted key to a single encrypted key E_(FK) [Ki]; a checker program for receiving said single encrypted key E_(FK) [Ki] from said module and for completing its decryption to Ki; an identifier that is encrypted with said key Ki; and a means in said checker program for using Ki to decrypt said identifier, and for proceeding to run said protected program only if it is identified by the decrypted identifier.
 6. A system according to claim 5 wherein said checker program further includes a means for temporarily stopping the protected program's execution to send a random number to said module, to receive a response from said module, and to continue with the execution of said protected program only if the encryption E_(Ki) of said response matches said random number.
 7. A system according to claim 5 wherein said key Ki is stored in a storage media in a triple encrypted form E_(FK) [E_(Ki) [E_(FK) [Ki]]], and said checker program includes a means for performing E_(FK) ⁻¹ on the permanently stored key and sending the double encrypted result to said module.
 8. A system according to claim 5 wherein said identifier is double encrypted via procedures E_(FK) and E_(Ki).
 9. A system according to claim 5 wherein said module is coupled to said computer via a bit serial bus.
 10. A data processing system of the type which includes a computer, a protected program for said computer, and a module coupled to said computer; said system further including: a key Ki that is unique to said computer and is double encrypted; a means in said computer for receiving a request to use said protected program, and in response thereto, for sending said double encrypted key to said module; a means in said module for performing a decryption procedure E_(Ki) ⁻¹ on said double encrypted key to obtain a single encrypted key and for sending the latter back to said computer; a means in said computer for decrypting said single encrypted key to an unencrypted key; and a means in said computer for utilizing said unencrypted key to decrypt an encrypted identifier, and for proceeding with the execution of said protected program only if the decrypted identifier has a predetermined value.